The Miva store has a flaw where tax calculation can be bypassed.
1d01c13dc921e88b57fdf3d00029318da56b748446d547d8daef6d751bd9f727
PHP Poll Creator version 1.01 is susceptible to a remote file inclusion vulnerability.
5c581ce9d2cf8550744e983f08d2abe424320521a65513d2ece38d043791b222
JavaMail API versions 1.13, 1.2, and 1.3 are susceptible to multiple information disclosure vulnerabilities.
c3cb47c8dc22584e271b8f68818d84e69de37fd589266e971b46fb4442a3a31d
iDEFENSE Security Advisory 05.24.05-5 - Remote exploitation of a denial of service vulnerability in Ipswitch Inc.'s Imail IMAP server allows attackers to crash the target service thereby preventing legitimate usage. Version 8.13 and 8.12 are confirmed vulnerable. Earlier versions may be susceptible as well.
d455c61f41de713d78f506feae80b9cdb938e88634bbc2cb59c35860836cbccf
iDEFENSE Security Advisory 05.24.05-4 - Remote exploitation of a directory traversal vulnerability in Ipswitch Inc.'s Imail Web Calendaring server allows attackers to read arbitrary files with System privileges. Version 8.13 is confirmed vulnerable. Earlier versions may be susceptible as well.
c2412685d9447765878e88f041d94055c3ae9b7b48aaecf6311d4da8eea532c7
iDEFENSE Security Advisory 05.24.05-3 - Remote exploitation of several buffer overflow vulnerabilities in Ipswitch Inc.'s Imail 8.13 IMAP server allows attackers to execute arbitrary code with System privileges. The first vulnerability specifically exists in the handling of a long username to the LOGIN command. A long username argument of approximately 2,000 bytes will cause a stack based unicode string buffer overflow providing the attacker with partial control over EIP. As this vulnerability is in the LOGIN command itself, valid credentials are not required. Version 8.12 is confirmed vulnerable. Earlier versions may be susceptible as well.
9f4c8c937937e246b73f6c5f56b49c2fa4b93c73ae1086201553c84363cd706d
iDEFENSE Security Advisory 05.24.05-2 - Remote exploitation of a denial of service (DoS) vulnerability in Ipswitch Inc.'s 8.13 IMail IMAP daemon allows attackers to cause 100 percent CPU use on the server, thereby preventing legitimate users from retrieving e-mail.
a5edfc0b27df6ff1737295a9fee8adc88a51d14e0d51929410345acc43a5b540
iDEFENSE Security Advisory 05.24.05-1 - Remote exploitation of a buffer overflow vulnerability in Ipswitch Inc.'s Imail 8.13 IMAP server allows attackers to execute arbitrary code with System privileges. The vulnerability specifically exists in the handling of a long mailbox name to the STATUS command. A long mailbox name argument will cause a stack based buffer overflow, providing the attacker with full control over the saved return address on the stack.
b52c4eafcf24128417eb48204d02e859bd572c5f3adf53efcaf617cddcf64290
A vulnerability in Halo: Combat Evolved versions 1.06 and below and Custom Edition 1.00 can be exploited by malicious people to cause a DoS (Denial of Service).
3bac6e930e7192cb2524eed969e3949d1fcc3673e20aaafdb5adefd1f157937f
Local exploit for Exim 4.40.
3adad43468cfdfd5ed6651714bdec7ccbbcdfc0f919cf2bda7401afbde47c960
Spread The Word, a Comersus based bookstore, is susceptible to multiple cross site scripting and SQL injection flaws.
57696cdb63045dd868bfebec4811e33ab2334d0c93c9fda6c902d855e90e7acf
WebLogic Server and WebLogic Express, Service Pack 4, are susceptible to cross site scripting flaws.
2619b3310f3c47e89eec1626a229bb5d830f5decc8011308daf41b04d6db1c6a
WebLogic Server and WebLogic Express, Service Pack 4, suffer from an HTML injection vulnerability.
4e1a06fc9b94d88a2cec7ac59f0f8068f2d468c16b54bafaf9f0330407427003
GForge versions below 4.0 suffer from a remote code execution flaw.
77fe7ff7bd06b439229afd0c78e13bddeb8127ba34471e9eb815bd3617ef2cc6
Blue Coat Reporter 7.1.1.1 suffers from privilege escalation, HTML injection, and cross site scripting flaws.
0e820990b63dcfc03f6876ce9d4006e72b5302f20bb062b66e2d40e08bccc29b
The Zyxel Prestige 650R-31 ADSL router is susceptible to a denial of service attack using fragmented packets.
3da030dc02b25df10685ac38fd1f25703236e1b26958917084213d417472f0ef
Sambar Server 6.2 is susceptible to multiple cross site scripting flaws.
fd9a1e7e059ac74e0f65f85e40b9cd8ce78d46a468b43363cb4a92ba0d13f957
net-snmp fixproc contains a security flaw that allows a malicious local attacker the ability to execute arbitrary commands with root privileges.
e45fb19f19ec442e148803aa640b440b3b0b5470ff6e7fbd34aec296f42a3019
Warrior Kings 1.3 and below and Warrior Kings: Battles 1.23 and below suffer from format string vulnerabilities.
f404dcbc41bc0647bdb271e3dc2e805c773c4f7afe035d0b957a73eae9ffdafd
Computer Associates Vet library provides antivirus scan engine capabilities. Vet scan engines allow products to analyze various streams for malware. Vet is vulnerable to an integer wrap during the analysis of an OLE stream. The integer wrap causes an arbitrary heap overflow with no character restrictions allowing remote attackers control of the system(s) Vet is protecting.
c4e6ac4f3f3118a3c7dcd8f30132e256ee811e86703d139084b225e408b0b4fc
INMOLUXE Premium 2.0 is susceptible to SQL injection attacks.
586957eb4953b9a8f1421bf4a9446c2210452bb208317345005ecfb2ee733984
Cookie Cart Shopping is susceptible to remote password hash extraction.
0ce1029e80556b205972414f257b404113a48da5ea46e74dc6f33b41af192ce7
PortailPHP version 1.3 suffers from SQL injection flaws.
720340569373ed8a8af7f1e29cc638016faeb2e67cd06a0c6304b37d7526da84
This proof of concept explains how Microsoft WGA validation check can be defeated and any Microsoft product with the WGA validation feature can be run and installed on machines running a pirated copy of Windows XP.
f0ce619089e25cac5ce67e00f1bbdd6bcafd35a9367e9e68693cf0d792c122b2
Postnuke versions 0.760RC3 and below suffer from SQL injection attacks.
d3af81e0fc22d49f4eaec7866a406567c5653a2db0e52361ec350a5075b14188